Collecting Cyber-News from over 60 sources

Tag: framework

NIST’s adversarial ML guidance: 6 action items for your security team

Apr 18, 2025 5:28 AM

Tags: ai, attack, framework, intelligence, ml, nist, technology, threat
Time to Migrate from On-Prem to Cloud? What You Need to Know

Apr 17, 2025 7:28 PM

Tags: business, cloud, framework, google, infrastructure, kubernetes, microsoft, service
The FTC Is Watching: GoDaddy’s Settlement Sends a Clear Message on API Security

Apr 17, 2025 3:28 PM

Tags: access, api, attack, authentication, breach, business, communications, compliance, control, credentials, data, data-breach, detection, encryption, exploit, finance, framework, fraud, governance, government, incident response, law, mfa, monitoring, password, privacy, risk, service, theft, threat, tool, unauthorized, vulnerability, vulnerability-management

In today’s rapidly changing digital environment, APIs play a crucial role in modern business, facilitating smooth connectivity and data sharing. Yet, this interconnected nature brings significant security and privacy risks, as evidenced by the Federal Trade Commission’s (FTC) recent settlement with GoDaddy. This settlement serves as a stark reminder that strong API security is no…
NIST Updates Privacy Framework With AI and Governance Revisions

Apr 17, 2025 3:28 PM

Tags: ai, cybersecurity, framework, governance, guide, nist, privacy, technology, update

The US National Institute of Standards and Technology has updated its Privacy Framework to work cohesively with its Cybersecurity Framework and guide organizations to develop stronger postures to handle privacy risks. First seen on darkreading.com Jump to article: www.darkreading.com/data-privacy/nist-updates-privacy-framework-ai-governance
CISOs no closer to containing shadow AI’s skyrocketing data risks

Apr 17, 2025 10:28 AM

Tags: access, ai, authentication, awareness, best-practice, breach, business, ceo, chatgpt, ciso, compliance, computer, control, cybersecurity, data, data-breach, detection, finance, framework, github, google, governance, group, jobs, law, leak, LLM, mitigation, monitoring, privacy, RedTeam, regulation, risk, risk-management, service, software, technology, theft, tool, training, unauthorized, vulnerability

While most organizations (90%) offer sanctioned generative AI apps and even more (98%) offer their users apps that incorporate gen AI features, unauthorized use of AI services is skyrocketing in business, according to a study by Netskope.Most gen AI use in the enterprise (72%) is shadow IT, driven by individuals using personal accounts to access…
Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks

Apr 17, 2025 6:28 AM

Tags: apple, attack, cve, exploit, flaw, framework, macOS, update, vulnerability

Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild.The vulnerabilities in question are listed below -CVE-2025-31200 (CVSS score: 7.5) – A memory corruption vulnerability in the Core Audio framework that could allow code execution…
Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak – P2

Apr 16, 2025 6:28 PM

Tags: access, api, business, cloud, control, cryptography, data, defense, edr, encryption, exploit, framework, group, Hardware, kaspersky, malicious, malware, microsoft, mitre, monitoring, network, reverse-engineering, service, technology, threat, tool, update, windows

This is Part 2 of our two-part technical analysis on Mustang Panda’s new tools. For details on ToneShell and StarProxy, go to Part 1.IntroductionIn addition to the new ToneShell variants and StarProxy, Zscaler ThreatLabz discovered two new keyloggers used by Mustang Panda that we have named PAKLOG and CorKLOG as well as an EDR evasion…
CVE program averts swift end after CISA executes 11-month contract extension

Apr 16, 2025 6:28 PM

Tags: china, cisa, computer, cve, cyber, cybersecurity, data, defense, detection, endpoint, flaw, framework, government, infrastructure, intelligence, linkedin, mitre, nist, nvd, russia, service, software, technology, threat, update, vulnerability, vulnerability-management

Important update April 16, 2025: Since this story was first published, CISA signed a contract extension that averts a shutdown of the MITRE CVE program.A CISA spokesperson sent CSO a statement saying, “The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure…
Navigating AI Implementation for MSPs: A Security and Compliance Framework

Apr 15, 2025 10:28 PM

Tags: ai, compliance, framework, msp

First seen on scworld.com Jump to article: www.scworld.com/perspective/navigating-ai-implementation-for-msps-a-security-and-compliance-framework
From ISO to NIS2 Mapping Compliance Requirements Globally

Apr 15, 2025 2:28 PM

Tags: compliance, cyber, cybersecurity, framework, ISO-27001, nis-2

The global regulatory landscape for cybersecurity is undergoing a seismic shift, with the European Union’s NIS2 Directive emerging as a critical framework for organizations operating within its jurisdiction. While ISO 27001 has long been the gold standard for information security management, the mandatory nature of NIS2 introduces new complexities for leaders navigating compliance across borders.…
Agentic AI is both boon and bane for security pros

Apr 15, 2025 9:28 AM

Tags: access, ai, attack, authentication, cctv, ciso, cloud, conference, control, data, framework, governance, guide, hacker, identity, law, lessons-learned, linux, LLM, microsoft, RedTeam, risk, service, soc, software, strategy, technology, threat, tool, vmware, vulnerability

Recent agentic security signposts: Recently, we have seen numerous examples of how quickly building your own autonomous AI agents has taken root. Microsoft last month demonstrated six new AI agents that work with its Copilot software that talk directly to its various security tools to identify vulnerabilities, flag identity and asset compromises. Simbian is hosting…
Top 10 Best Zero Trust Solutions 2025

Apr 15, 2025 7:33 AM

Tags: access, control, cyber, cybersecurity, framework, risk, threat, zero-trust

Zero Trust Solutions is a modern cybersecurity framework built on the principle of >>never trust, always verify.
Meeting NIST API Security Guidelines with Wallarm

Apr 11, 2025 12:05 AM

Tags: api, cloud, framework, nist

On March 25, 2025, NIST released the initial public draft of NIST SP 800-228, “Guidelines for API Protection for Cloud-Native Systems.” The document provides a comprehensive framework for securing APIs in cloud-enabled environments. However, for organizations looking to align with these objectives, the tooling requirements may seem initially overwhelming. Fortunately, Wallarm helps streamline the process…
AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites

Apr 10, 2025 5:05 PM

Tags: ai, captcha, framework, service, spam

AkiraBot, a CAPTCHA-evading Python framework, has spammed over 80,000 websites with AI-generated messages, targeting small and medium-sized businesses. SentinelOne’s SentinelLabs researchers warn that AkiraBot, a spam framework, targets websites’ chats and contact forms to promote low-quality SEO services, AkiraBot has already targeted more than 400,000 websites and successfully spammed at least 80,000 websites since September…
The Identities Behind AI Agents: A Deep Dive Into AI & NHI

Apr 10, 2025 2:06 PM

Tags: ai, business, framework, software, technology, tool

AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain complex actions together, and operate continuously without human intervention. They’re no longer just tools, First…
AkiraBot Floods 80,000 Sites After Outsmarting CAPTCHAs and Slipping Past Network Defenses

Apr 10, 2025 12:06 PM

Tags: captcha, cyber, defense, detection, framework, network, spam

AkiraBot, identified by SentinelLABS, represents a sophisticated spam bot framework that targets website chats and contact forms to promote low-quality SEO services. Since its inception in September 2024, AkiraBot has impacted over 420,000 unique domains, successfully spamming at least 80,000 websites. It leverages both CAPTCHA evasion techniques and network detection evasion to elude website security…
AI-Powered AkiraBot Evades CAPTCHA to Spam 80,000 Websites

Apr 10, 2025 12:06 PM

Tags: ai, captcha, framework, spam

A new AI-powered framework dubbed “AkiraBot” has successfully spammed 80,000 websites since September 2024 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/aipowered-akirabot-captcha-spam/
‘AkiraBot’ Spammed 80,000 Websites With AI-Generated Messages

Apr 10, 2025 11:06 AM

Tags: ai, captcha, framework, spam

CAPTCHA-evading Python framework AkiraBot has spammed over 80,000 websites with AI-generated spam messages. The post ‘AkiraBot’ Spammed 80,000 Websites With AI-Generated Messages appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/akirabot-spammed-80000-websites-with-ai-generated-messages/
Policymakers weigh U.S.-China AI competition after DeepSeek

Apr 9, 2025 11:05 PM

Tags: ai, china, control, framework

Boosting federal R&D, sustaining export controls and creating a federal AI framework are a few suggestions experts made to help maintain the U.S. lead in AI. First seen on techtarget.com Jump to article: www.techtarget.com/searchenterpriseai/news/366622219/Policymakers-weigh-US-China-AI-competition-after-DeepSeek
The Database Kill Chain

Apr 9, 2025 6:52 PM

Tags: attack, cyber, data, framework, risk, threat

Modern attacks targeting sensitive data have become complex. An organization with many assets might be lost when trying to assess its overall risk, understand the pain points and prioritize the tasks required to secure its information systems. Cyber threat modeling frameworks were introduced to help solve this issue. By identifying the different parts of the……
Policymakers weigh U.S., China AI competition after DeepSeek

Apr 9, 2025 5:55 PM

Tags: ai, china, control, framework

Boosting federal R&D, sustaining export controls and creating a federal AI framework were a few suggestions experts made to help maintain the U.S. lead in AI. First seen on techtarget.com Jump to article: www.techtarget.com/searchenterpriseai/news/366622219/Policymakers-weigh-US-China-AI-competition-after-DeepSeek
When Good Tools Go Bad: Dual-Use in Cybersecurity

Apr 8, 2025 8:42 PM

Tags: access, ai, attack, authentication, automation, awareness, breach, cloud, compliance, computing, control, cyber, cyberattack, cybercrime, cybersecurity, data, ddos, detection, dns, exploit, framework, iam, incident response, infrastructure, intelligence, malicious, malware, mfa, network, nvd, penetration-testing, phishing, psychology, reverse-engineering, risk, software, strategy, tactics, threat, tool, training, unauthorized, update, vulnerability
21 Countries Sign Onto Voluntary Pact to Stem the Proliferation of Spyware

Apr 8, 2025 7:42 PM

Tags: framework, government, malicious, spyware

Twenty-one countries signed onto the Pall Mall Process, an effort a year in the making that was created to develop a framework nations could adopt to address the proliferation and malicious use of spyware by governments that want it to track human rights workers, activists, journalists, and other such targets. First seen on securityboulevard.com Jump…
10 things you should include in your AI policy

Apr 8, 2025 8:42 AM

Tags: access, ai, best-practice, breach, business, ceo, ciso, compliance, cybersecurity, data, data-breach, finance, framework, gartner, GDPR, governance, incident response, insurance, law, monitoring, privacy, regulation, risk, software, strategy, switch, technology, tool, training, update

Input from all stakeholders: At Aflac, the security team took the initial lead on developing the company’s AI policy. But AI is not just a security concern. “And it’s not just a legal concern,” Ladner says. “It’s not just a privacy concern. It’s not just a compliance concern. You need to bring all the stakeholders…
Exploring the EU Cybersecurity Certification Scheme: A Guide to Common Criteria

Apr 7, 2025 2:42 PM

Tags: cybersecurity, framework, guide, regulation

What is the EU Cybersecurity Certification Scheme? The EU Cybersecurity Certification Scheme is designed to simplify and harmonize cybersecurity certifications across the EU. With varying national-level rules and regulations creating barriers to trade and inconsistencies in security standards, the framework provides EU-wide schemes that establish a single, trustworthy approach. How Does It Differ from Pre-existing……
NICE Workforce Framework 2.0.0 Released: Everything New and Improved

Apr 7, 2025 7:42 AM

Tags: cyber, cybersecurity, framework, update

The National Initiative for Cybersecurity Education (NICE) Workforce Framework for Cybersecurity has undergone a significant update, with the release of its version 2.0.0 introducing numerous enhancements aimed at standardizing how cybersecurity work and competencies are understood and managed. This major revision of the NICE Framework by the U.S. Department of Commerce’s National Institute of Standards…
When AI Agents Start Whispering: The Double-Edged Sword of Autonomous Agent Communication

Apr 5, 2025 1:42 AM

Tags: ai, breach, compliance, framework, monitoring

AI agents develop their own communication channels beyond our monitoring frameworks, we face a pivotal challenge: harnessing their collaborative problem-solving potential while preventing security breaches and compliance violations that could arise when systems start “whispering” among themselves. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/when-ai-agents-start-whispering-the-double-edged-sword-of-autonomous-agent-communication/
Cybersecurity Snapshot: SANS Recommends Six Controls To Secure AI Systems, While NCSC Warns About Outdated API Security Methods

Apr 4, 2025 5:42 PM

Tags: access, advisory, ai, api, attack, authentication, best-practice, botnet, business, cisa, cloud, compliance, computer, control, credentials, cryptography, cyber, cyberattack, cybersecurity, data, detection, dns, endpoint, framework, governance, government, incident response, infrastructure, injection, intelligence, Internet, least-privilege, malicious, mitigation, monitoring, network, phishing, privacy, programming, regulation, resilience, risk, risk-management, sans, service, strategy, supply-chain, threat, training, unauthorized, update, zero-trust

Check out the security controls that SANS Institute says are essential for protecting your AI systems. Plus, the U.K. NCSC urges organizations to adopt newer API security techniques. In addition, CISA and other cyber agencies warn that attackers are using “fast flux” techniques to conceal their actions. And much more! Dive into five things that…
Critical flaw in Apache Parquet’s Java Library allows remote code execution

Apr 4, 2025 12:42 PM

Tags: apache, data, flaw, framework, programming, remote-code-execution, software, vulnerability

Experts warn of a critical vulnerability impacting Apache Parquet’s Java Library that could allow remote code execution. Apache Parquet’s Java Library is a software library for reading and writing Parquet files in the Java programming language. Parquet is a columnar storage file format that is optimized for use with large-scale data processing frameworks, such as…
Proactively Managing NHIs to Prevent Breaches

Apr 2, 2025 11:42 PM

Tags: breach, cybersecurity, data, framework

Why is Proactive NHI Management Essential to Prevent Breaches? One might often ponder, how can organizations significantly strengthen their cybersecurity postures? The answer lies in the proactive management of Non Human Identities (NHIs) to prevent breaches. This strategic approach in NHI management serves as a robust framework for organizations to safeguard their sensitive data and……